# POC for CVE-2021-44228

This python script was created while I was working on the TryHackMe room for [Log4j]( While this was created with default variables for this room, I used argparse to make the script versatile for a GET request.  All necessary varaibles can be changed with different options, see -h for more information.

# Setup
Only my script is hosted here, this requires two other downloads to run properly which I will give links for, but setting up the folders the way I did will allow the script to run without much effort. First create a log4j folder (or whatever name you want) then git clone this repo then move the into /log4j/.

git clone

Next clone [marshalsec](, in the same directory you just created. And then build it using maven.
git clone
cd marshalsec
mvn clean package -DskipTests

Lastly, you will need to [download]( some version of Java 8. For this script, and the default value for -j is 'jdk1.8.0_20'. 

The new directory should look like this when everything is extracted.
kali@kali-[~/tools/Exploits/log4j]$ls -al
total 338448
drwxr-xr-x 5 kali kali      4096 Dec 14 15:22 .
drwx------ 3 kali kali      4096 Dec 14 14:34 ..
drwxr-xr-x 8 kali kali      4096 Jul 30  2014 jdk1.8.0_20
drwxr-xr-x 5 kali kali      4096 Dec 14 14:40 marshalsec
-rw-r--r-- 1 kali kali      2781 Dec 14 16:02

After this setup is complete. Note that if you would like or need to use a different version of java this can be done using -j NAME_OF_JAVA_FOLDER.

# Usage

Help Menu


Included in the script is the payload provided in the THM room, change the IP/port to whatever you want to use. 


Start a netcat listener to catch the shell on the port specified in the java_payload.

Start a python web server on port 8000

Example command:
python3 -l -i -p 8983 

Example output and reverse shell: